ヘルプ
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Secure Boot: Can the fuses be written multiple times?

キャンセル
提案をオンにする
自動提案では、入力時に可能な一致が提案されるので検索結果を素早く絞り込むことができます。
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 
解決済み
ソリューションへジャンプ

Secure Boot: Can the fuses be written multiple times?

ソリューションへジャンプ
‎05-09-2019 05:13 AM
1,862件の閲覧回数
tmoos
Contributor III

I'm implementing Secure Boot on the QorIQ T1023 SoC. I have to write  the hash of the pubkey into the fuse box.

Is it possible to prototype secure boot with a "temporary" pubkey and to change the pubkey hash later on? I.e. can I write the pubkey hash to the fuse box multiple times?

There is a "Write Protect" bit (SFP_OSPR.WP) which suggest that it might be possible.

タグ(3)
0 件の賞賛
返信
1 解決策

ソリューションへジャンプ
‎05-13-2019 02:06 AM
1,688件の閲覧回数
bpe
NXP Employee
NXP Employee

Blowing a fuse is an irreversible action. Per T1023 HW specification,
the chip allows two fuse programming cycles, so you don't have to blow
all necessary fuses at once, but that doesn't mean there is a way
to "unblow" a fuse.  If you are working in a development environment
and don't want to permanently program the SRK hash, you have an option
to put it into SFP mirror registers one each boot, while the core is
held in reset. Note that this method will not work with OTPMK, which
_must_ be blown, and it will not work if you blown ITS fuse. 

Details can be found in QorIQ SDK online documentation:

https://nxp.sdlproducts.com/LiveContent/content/en-US/QorIQ_SDK/GUID-D66DBC8F-EF26-4D77-98DB-D7E769E...

https://nxp.sdlproducts.com/LiveContent/content/en-US/QorIQ_SDK/GUID-0CE7B61F-1AF1-4BF4-93C7-676B7CA...


Have a great day,
Platon

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!

- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

元の投稿で解決策を見る

返信
1 返信

ソリューションへジャンプ
‎05-13-2019 02:06 AM
1,689件の閲覧回数
bpe
NXP Employee
NXP Employee

Blowing a fuse is an irreversible action. Per T1023 HW specification,
the chip allows two fuse programming cycles, so you don't have to blow
all necessary fuses at once, but that doesn't mean there is a way
to "unblow" a fuse.  If you are working in a development environment
and don't want to permanently program the SRK hash, you have an option
to put it into SFP mirror registers one each boot, while the core is
held in reset. Note that this method will not work with OTPMK, which
_must_ be blown, and it will not work if you blown ITS fuse. 

Details can be found in QorIQ SDK online documentation:

https://nxp.sdlproducts.com/LiveContent/content/en-US/QorIQ_SDK/GUID-D66DBC8F-EF26-4D77-98DB-D7E769E...

https://nxp.sdlproducts.com/LiveContent/content/en-US/QorIQ_SDK/GUID-0CE7B61F-1AF1-4BF4-93C7-676B7CA...


Have a great day,
Platon

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!

- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

返信